Stay safe online: avoid scams, OTP fraud and fake messages
A practical safety guide for smartphone users in Nepal: recognise common scams, protect your OTP and passwords, spot fake calls and messages, and know what to do if something goes wrong.
A smartphone connects you to family, money and services — which is exactly why scammers target phone users. The most common scams do not 'hack' your phone at all; they trick you into giving away a code, a password, or money. If you know the tricks, you can avoid almost all of them.
This guide explains the scams that affect Nepali users most, in plain language. The single most important rule to remember is this: never share your OTP, PIN or password with anyone — not even someone who says they are from your bank, a telecom, eSewa, Khalti, or the police.
Read this carefully, and share it with older family members who may be more trusting of unexpected calls and messages.
Common scams to watch for
Scams change names but follow the same patterns. If a message or call creates urgency or excitement and asks you to act fast, slow down — that pressure is the scammer's main tool.
- 'You won a prize / lottery / lucky draw': asks for a fee or your details to release winnings you never entered for.
- Fake bank or wallet call: 'Your account will be blocked, share your OTP to verify' — a lie to drain your account.
- Wrong payment / refund trick: someone claims they sent money to you by mistake and asks you to send it back, or to scan a QR to 'receive' money (scanning a QR sends money, it does not receive it).
- Job, loan or investment offers promising huge or guaranteed returns, or asking for an upfront 'processing fee'.
- Fake delivery or customs SMS asking you to pay a small fee through a link.
- Impersonation of family: a message from an unknown number saying 'this is my new number, I need money urgently' — always call the person on their known number to check.
How to spot a fake message or link
Many scams arrive as a text or WhatsApp with a link. Before tapping anything, check these signs of a fake. When in doubt, do not tap — open the official app or website yourself instead.
- Strange or misspelled web addresses (for example, a name that looks almost like a real bank but with extra letters or numbers).
- Urgent threats ('act now or your account closes today') or unbelievable rewards.
- Poor spelling and grammar, or a generic greeting like 'Dear customer'.
- Requests to download an app from the link, or to enter your login details on a page the link opens.
- A sender number or email that does not match the official one you know.
Build strong, simple protection
You do not need to be a tech expert to be safe. A few habits protect you from most threats.
- Use a different password for your email and your money apps, and never reuse the same one everywhere.
- Turn on the screen lock (PIN, fingerprint or face) so a lost or stolen phone cannot be opened.
- Keep your phone and apps updated, since updates fix security holes.
- Only install apps from the official Play Store or App Store, never from links.
- Add a separate app-lock or use the app's own PIN on banking and wallet apps for extra safety.
- Be careful what you share publicly on Facebook — scammers use personal details to sound convincing.
What to do if you've been scammed
If you think you shared a code or sent money to a scammer, act quickly and calmly. Speed can sometimes help recover money or stop further loss.
- Immediately call your bank or wallet's official helpline (find the number on the back of your card or the official website) and ask them to freeze the account or transaction.
- Change the password of any affected account, and your email password, right away.
- Stop talking to the scammer and block their number.
- Report it. In Nepal, online fraud and cybercrime can be reported to the Cyber Bureau of Nepal Police — search for their official contact details and follow their reporting process.
- Tell your family so they are warned, and keep any messages or numbers as evidence.
Key takeaways
- ✓Never share your OTP, PIN, password or card details — no real bank, wallet, telecom or office will ever ask for them.
- ✓Scanning a QR code sends money; it does not receive money — be very careful when someone tells you to scan to 'get' a payment.
- ✓Urgency and big rewards are the main tricks — slow down and verify before acting.
- ✓Don't tap links in messages; open the official app or website yourself.
- ✓If scammed, call your bank/wallet helpline immediately, change passwords, and report to the Nepal Police Cyber Bureau.
Stay Safe Online — FAQ
Someone called saying they are from my bank and asked for the OTP. Is this real?+
No. Banks, eSewa, Khalti, ConnectIPS, telecoms and government offices never ask for your OTP, PIN or password by call or message. Anyone who does is a scammer. Hang up immediately and, if worried, call your bank using the official number on your card.
I received a message that I won a lottery or prize. What should I do?+
Ignore and delete it. You cannot win a lottery you never entered. These messages ask for a 'fee' or your details to steal money. Never pay anything or share information to claim a prize.
Is it safe to scan QR codes for payments?+
Scanning a QR with your wallet or bank app is for sending money, not receiving it. It is safe when you are paying a genuine shop, but be very careful if a stranger asks you to scan a QR to 'receive' money or a refund — that will take money from your account, not add to it.
I clicked a suspicious link. What now?+
If you only opened the link but did not enter any details or download anything, you are likely fine — close it. If you entered a password or OTP, change that password immediately and contact your bank/wallet. If you installed an app, remove it and run a check from your phone's settings.
How can I protect my elderly parents from phone scams?+
Explain the golden rule clearly: never share OTPs, PINs or passwords, and never send money or pay fees to unexpected callers. Set up screen locks and app locks for them, agree that they will always call you before acting on any money request, and warn them about prize, loan and 'wrong payment' tricks.
Sources & data note
These guides explain widely-accepted SEO, AEO and GEO practice as documented by Google Search Central, schema.org and current industry research. Search and AI systems evolve continually — treat specific thresholds (e.g. Core Web Vitals targets) as current guidance and verify against the latest official documentation. Examples are tailored to Nepal's market.